By default, Headwind MDM uses the following ports:
Port 8080 for unsecure HTTP connections;
Port 8443 for secure HTTPS connections;
Port 31000 for Push messages delivery through MQTT protocol.
Therefore, you must forward the following ports:
External:80 -> Internal:8080
External:443 -> Internal:8443
External:31000 -> Internal:31000
You must also do the following to make Headwind MDM work well behind a firewall:
1. Update the MQTT socket which Headwind MDM binds to, see this article: https://qa.h-mdm.com/1714/
2. Make sure that HTTP requests to the external IP address or domain name are available from the server on which Headwind MDM is installed. Headwind MDM web panel uses HTTP requests to itself (to generate QR codes).